ControlScan Blog

Posts published by: Marc Punzirudu



  1. Home
  2. ControlScan Blog
  3. Posts published by: Marc Punzirudu

Best Practices for Remote Security Assessments

April 1, 2020Published by

What happens in social distancing situations like the one we are in now, when security assessments such as PCI, HIPAA, risk analysis, and many more require an onsite visit to your in-scope locations? Events such as COVID-19 create a need to become more agile in order to maintain business as usual while shifting the paradigm of working in person.

  Read More   

Tackling the Insider Threat of Disengaged Employees

January 2, 2020Published by

We’ve all worked with them, and at some point in our career, we may have even been one: A disengaged employee. Most companies and leadership teams concern themselves with unhappy employees for one basic reason, and that’s the costs of lost productivity. But have you ever thought about the cybersecurity threat posed by an actively disengaged employee?

  Read More   

The Number One Reason Businesses Fail Their QSA Audit

August 16, 2018Published by

In the business world, compliance audits are a fact of life. Standards must be followed, and each governing body must receive its assurances. We’ve identified the number one reason businesses fail their PCI QSA audit, and it’s not what you may think.

  Read More   

Does Your Business Need a PCI DSS Readiness Assessment?

July 27, 2018Published by

A PCI DSS readiness assessment (also known as a gap analysis) is an effective method for finding and fixing compliance holes efficiently and economically. Read this post to learn if your business can benefit from a readiness assessment.

  Read More   

        Featured        

6 Ways to Find the Best PCI QSA

June 25, 2018Published by

How do you find the best PCI QSA for your company? Here are the 6 criteria you should apply when searching for your next Qualified Security Assessor.

  Read More   

Wi-Fi Security Takes a Hit

October 23, 2017Published by

Last week, it was announced that the Wi-Fi security protocol WPA2 has a serious flaw. WPA2 is the current encryption standard; there is nothing generally available that’s known to be more secure.Wi-Fi has become a necessity for businesses everywhere, so disconnecting and waiting for a solution to the current Wi-Fi security flaw isn’t an option. The answer lies in a layered approach to your security efforts.

  Read More   

Don’t Confuse P2PE and Firewall Functionality

July 24, 2017Published by

The ability to devalue credit card data has made point-to-point encryption (P2PE) technology a hot topic among franchisors. And what’s not to love? With a PCI P2PE solution in place, your franchise can check off that PCI compliance box as well as rest assured that your payment transactions are safe and secure.But is securing your credit card transactions between the POS and the payment processor all your business should worry about? Does implementing P2PE make every other security technology irrelevant to your business?

  Read More   

New Data Security Warning for FTP Use in Healthcare

April 19, 2017Published by

FTP servers are essential for sharing files and data, but healthcare providers continue to utilize them in an insecure manner. Just last year, the ControlScan Security Consulting team saw this in action within a large healthcare organization. What happens when FTP goes wrong and how can you prevent your FTP server from leaking ePHI? Read on to find out.

  Read More   

How to Make Multi-Factor Authentication Meaningful

October 7, 2016Published by

One of the easiest ways you can protect business accounts from unauthorized use is to incorporate multi-factor authentication, or MFA. But how do you use it in a way that has a meaningful impact on your organization’s security risk reduction efforts?

  Read More   

3 Ways Firewall Management Services Prevent Breaches

May 2, 2016Published by

Split Decisions Cost Big BucksOne of the worst things that can happen to a convenience store manager is their cooler shutting down without their knowledge. Beer gets warm and food spoils, translating into hundreds of dollars lost.But what’s worse than a cooler shutting down? A firewall “shutdown.”Let’s assume a third party comes in to implement […]

  Read More   

        Featured        

“Can You Buzz Me In?” – An Invitation to a Security Breach

April 12, 2016Published by



Chances are you’ve helped someone get into a building without verifying whether or not they should be allowed in, or even asking if they had a legitimate reason for being there. It might have been at a hotel, or the building in which you work, or a building where you had a meeting. […]

  Read More   

Preventing Incidental Disclosure and Other PHI Data Loss [Video]

February 26, 2016Published by


Taking care to not disclose patient information is critical to the success of any healthcare organization. In this post and accompanying video clip, I discuss the security issues I commonly run across in the healthcare setting, as well as actionable tips for preventing their occurrence.

  Read More   

Protecting Sensitive Information in Memory

January 25, 2016Published by

Whether it is PAN data (credit card numbers), ePHI, PII or intellectual property, the rationale is all the same; disclosing any sensitive data can be a nightmare for your company or product’s future. This post, however, is focused on cardholder data, because businesses with POS environments are the most commonly breached entities that exist and quite frankly, their average security posture is pretty low.

  Read More   

HTTP/2: We Need It, But Is It Secure?

January 18, 2016Published by

Buzz is growing about a new HTTP coming to market. This new version of Hypertext Transfer Protocol, HTTP/2, is attracting much fanfare because it promises greater speed and efficiency. The Internet isn’t “broken,” so why fix it?

  Read More   

Building Confidence in Your Security Posture

November 9, 2015Published by

Today’s unprecedented breach activity—and the high costs breached companies are paying as a result—are causing executive teams to sit up and take notice. Those responsible for organizational IT are finding themselves under increasing pressure to reinforce and report on a strong security posture to stakeholders.

  Read More   




Back to Top